Hiya, What's the best and most secure way of structuring a website? I have looked at various forum packages (e.g. phpBB, myBB, and smf), and they each seem to use a switch statement in the index.php file. When you go to a section of the website, a GET variable is passed, and the relevant area of the website is loaded through the switch statement. Is this the best and only way? I would appreciate anybody's thoughts on this topic. Thanks, FishSword
I'm not completely sure what you want. Having a switch statement to check where the user is at doesn't make it any more secure. In my opinion, yes, this is the best way, but it's certainly not the only way.
You're talking about a CMS. It depends on specific needs and expectations. You may choose your own way to implement security; you don't need to fetch the entire website from a centralized dispatcher (index.php) based on sessions or URL parameters. Just make sure you separate your website GUI from the underlying business logic layers, with the help of advanced techniques and frameworks.
Most of those scripts are backwards compatible with PHP4 and have some very bad coding standards. I'd recommend you go with some framework.
@r.pointing so far this thread only had two opinions saying the same thing, so you're not really helping.
That's just a dispatch/controller file, which doesn't necessarily improve security nor affect coding standards. As long as the core code is sanitized sufficiently, structure shouldn't be a problem.
The secure structure is based on filtering inputs. The rest is not about security; it is about the performance or the architecture of the algorithm. As long as you filter all the input variables (requests, get, post, server, cookie) you can have security. The rest is your imagination. But as the other guys said, frameworks are like the culture of a programmer nation. It's the most secure and efficient way of building your application. Because when you write your own code, you only use your own intelligence. But when you use a framework, you use the intelligence of many programmers who build, test and fix that framework.
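An added example, not written by any poster in this thread and not taken from phpBB, myBB or SMF: a minimal index.php-style dispatcher in which the GET variable only selects an entry from an allowlist and each parameter is validated before a handler sees it. The route names, handler functions and sample requests are hypothetical and constructed for illustration.

```php
<?php
declare(strict_types=1);

// Allowlist of sections: GET value => handler name (hypothetical names).
const ROUTES = [
    'home'   => 'show_home',
    'forum'  => 'show_forum',
    'thread' => 'show_thread',
];

function show_home(array $in): string  { return 'Home'; }
function show_forum(array $in): string { return 'Forum index'; }
function show_thread(array $in): string
{
    // $in['id'] is already a validated positive integer here.
    return 'Thread #' . $in['id'];
}

// Resolve the requested section and validate its parameters.
// Returns [HTTP status code, body].
function dispatch(array $get): array
{
    $action = $get['action'] ?? 'home';
    // Reject arrays (?action[]=x) and any value outside the allowlist;
    // the raw value is never used as a file path or function name.
    if (!is_string($action) || !array_key_exists($action, ROUTES)) {
        return [404, 'Not found'];
    }

    $in = [];
    if ($action === 'thread') {
        $id = filter_var($get['id'] ?? null, FILTER_VALIDATE_INT,
                         ['options' => ['min_range' => 1]]);
        if ($id === false) {
            return [400, 'Bad thread id'];
        }
        $in['id'] = $id;
    }

    $handler = ROUTES[$action];
    return [200, $handler($in)];
}

// Constructed sample requests standing in for $_GET.
foreach ([['action' => 'thread', 'id' => '42'],
          ['action' => '../config'],
          ['action' => 'thread', 'id' => '42abc']] as $req) {
    [$code, $body] = dispatch($req);
    echo $code, ' ', htmlspecialchars($body, ENT_QUOTES, 'UTF-8'), PHP_EOL;
}
```

In a real index.php the call would be `dispatch($_GET)`; a `switch` with a `default` branch gives the same allowlist property, so the safety comes from the lookup and validation rather than from the dispatch construct.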